Enable access control to allow search for all users in embedded mode

Sun, 28 Sep 2008 15:43:46 -0700 

Hi everybody!
I've followed the tutorial for embedding ApacheDS as a WebApp at http://directory.apache.org/apacheds/1.5/embedding-apacheds-as-a-web-application.html , everything's working fine, I can create users from code, etc. Now I want to enable access control and allow search to all users. I've followed this guide http://directory.apache.org/apacheds/1.5/enablesearchforallusers.html for doing so, but I can't manage to make it work. 


I have this method at StartStopListener.java for creating an access 
control subentry:

////////

private void createAccessControlSubentry(DirContext ctx, String cn, 
String subtree, String aciItem) throws NamingException

{
 try
 {
 // modify ou=system to be an AP for an A/C AA if it is not already
 Attributes ap = ctx.getAttributes("", new String[]{"administrativeRole"});
 Attribute administrativeRole = ap.get("administrativeRole");

 if (administrativeRole == null || 
!administrativeRole.contains(SubentryService.AC_AREA))

 {

   Attributes changes = new BasicAttributes("administrativeRole", 
SubentryService.AC_AREA, true);

   ctx.modifyAttributes("", DirContext.ADD_ATTRIBUTE, changes);
 }

 // now add the A/C subentry below ou=system
 Attributes subentry = new BasicAttributes("cn", cn, true);
 Attribute objectClass = new BasicAttribute("objectClass");
 subentry.put(objectClass);
 objectClass.add("top");
 objectClass.add("subentry");
 objectClass.add("accessControlSubentry");
 subentry.put("subtreeSpecification", subtree);
 subentry.put("prescriptiveACI", aciItem);
 ctx.createSubcontext("cn=" + cn, subentry);
 }
 catch (Exception e)
 {
   e.printStackTrace();
 }
}
////////

After creating an InitialDirContext I call the method like this:
...
DirContext ctx = new InitialDirContext(env);
createAccessControlSubentry(ctx, "enableSearchForAllUsers", "{}",
       "{ \n" +
       "  identificationTag \"enableSearchForAllUsers\",\n" +
       "  precedence 14,\n" +
       "  authenticationLevel simple,\n" +
       "  itemOrUserFirst userFirst: \n" +
       "  { \n" +
       "    userClasses { allUsers }, \n" +
       "    userPermissions \n" +
       "    { \n" +
       "      {\n" +

       "        protectedItems {entry, allUserAttributeTypesAndValues}, 
\n" +
       "        grantsAndDenials { grantRead, grantReturnDN, 
grantBrowse } \n" +

       "      }\n" +
       "    } \n" +
       "  } \n" +
       "}");

Everything compiles fine, but then I get an exception at runtime:


[20:42:11] ERROR [org.apache.directory.server.core.schema.SchemaService] 
- Entry  does not contain a STRUCTURAL ObjectClass
org.apache.directory.shared.ldap.exception.LdapSchemaViolationException: 
Entry  does not contain a STRUCTURAL ObjectClass
       at 
org.apache.directory.server.core.schema.SchemaService.assertObjectClasses(SchemaService.java:1926)
       at 
org.apache.directory.server.core.schema.SchemaService.check(SchemaService.java:1742)
       at 
org.apache.directory.server.core.schema.SchemaService.modify(SchemaService.java:1501)
       at 
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.modify(InterceptorChain.java:1226)
       at 
org.apache.directory.server.core.operational.OperationalAttributeService.modify(OperationalAttributeService.java:197)
       at 
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.modify(InterceptorChain.java:1226)
       at 
org.apache.directory.server.core.exception.ExceptionService.modify(ExceptionService.java:354)
       at 
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.modify(InterceptorChain.java:1226)
       at 
org.apache.directory.server.core.authz.DefaultAuthorizationService.modify(DefaultAuthorizationService.java:286)
       at 
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.modify(InterceptorChain.java:1226)
       at 
org.apache.directory.server.core.authz.AuthorizationService.modify(AuthorizationService.java:538)
       at 
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.modify(InterceptorChain.java:1226)
       at 
org.apache.directory.server.core.referral.ReferralService.modify(ReferralService.java:835)
       at 
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.modify(InterceptorChain.java:1226)
       at 
org.apache.directory.server.core.authn.AuthenticationService.modify(AuthenticationService.java:399)
       at 
org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.modify(InterceptorChain.java:1226)
       at 
org.apache.directory.server.core.normalization.NormalizationService.modify(NormalizationService.java:141)
       at 
org.apache.directory.server.core.interceptor.InterceptorChain.modify(InterceptorChain.java:815)
       at 
org.apache.directory.server.core.partition.PartitionNexusProxy.modify(PartitionNexusProxy.java:398)
       at 
org.apache.directory.server.core.partition.PartitionNexusProxy.modify(PartitionNexusProxy.java:385)
       at 
org.apache.directory.server.core.jndi.ServerContext.doModifyOperation(ServerContext.java:383)
       at 
org.apache.directory.server.core.jndi.ServerDirContext.modifyAttributes(ServerDirContext.java:178)
       at 
org.apache.directory.server.core.jndi.ServerDirContext.modifyAttributes(ServerDirContext.java:153)
       at 
javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:138)
       at 
org.apache.directory.embed.webapp.StartStopListener.createAccessControlSubentry(StartStopListener.java:135)
       at 
org.apache.directory.embed.webapp.StartStopListener.contextInitialized(StartStopListener.java:77)
       at 
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3843)
       at 
org.apache.catalina.core.StandardContext.start(StandardContext.java:4350)
       at 
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
       at 
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
       at 
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
       at 
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:626)
       at 
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:511)
       at 
org.apache.catalina.startup.HostConfig.check(HostConfig.java:1229)

       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

       at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

       at java.lang.reflect.Method.invoke(Method.java:585)

       at 
org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:297)
       at 
com.sun.jmx.mbeanserver.DynamicMetaDataImpl.invoke(DynamicMetaDataImpl.java:213)
       at 
com.sun.jmx.mbeanserver.MetaDataImpl.invoke(MetaDataImpl.java:220)
       at 
com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:815)
       at 
com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:784)
       at 
org.apache.catalina.manager.ManagerServlet.check(ManagerServlet.java:1465)
       at 
org.apache.catalina.manager.ManagerServlet.deploy(ManagerServlet.java:821)
       at 
org.apache.catalina.manager.ManagerServlet.doGet(ManagerServlet.java:349)

       at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)

       at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
       at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
       at 
org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:196)
       at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
       at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
       at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
       at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
       at 
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
       at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
       at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
       at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
       at 
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
       at 
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
       at 
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)

       at java.lang.Thread.run(Thread.java:595)


I know this might be a very newbie question but I really can't find a 
solution... help please. :(













    











					Reply via email to